
Comments


Ask Mark Shuttleworth Anything

techmuse Orange? (319 comments)

Orange is very pervasive throughout Ubuntu, but isn't often used elsewhere, at least not in the US. I'm wondering if this is your favorite color, or if it is more popular in South Africa, or if there is some other reason that orange was chosen as Ubuntu's signature color?

about a year ago

Linus Torvalds Will Answer Your Questions

techmuse Future influences on Linux? (460 comments)

Hi, Linus. What do you think the big challenges in OS design will be over the upcoming years? Will Linux be influenced more heavily by mobile devices, servers, or something else? What do you foresee coming along that will have the greatest impact on Linux?

about a year and a half ago

Quantum Processor Factors Prime Number

techmuse Title is wrong (2 comments)

They factored a composite number. Prime numbers are, by definition, not factorable.

about a year and a half ago

Zeolite thermal storage retains heat indefinitely, absorbs four times more heat

techmuse This would violate the laws of physics. (2 comments)

That's impossible. It would violate the laws of thermodynamics.

about 2 years ago

Ask Internet Visionary and Pioneer Vint Cerf

techmuse What would you like to see developed next? (109 comments)

I'm curious what technologies you would like to see developed next, or what you think would be most important to develop next. In other words, what do you think researchers should work on now that would be most significant?

Oh, and thank you for changing my life!

about 2 years ago

Ask William Shatner Whatever You'd Like

techmuse Inspiring the next generation? (368 comments)

Growing up, Star Trek was one of the things that got me interested in engineering and the sciences. It made me want to see the future, or create it myself. What do you think should be done to inspire the next generation of scientists and engineers?

more than 2 years ago

Apple's New Campus Called a 'Retrograde Cocoon'

techmuse Sounds like every other corporate building (2 comments)

In how many corporate campuses do you run into people who aren't your co-workers, clients, or contractors?

more than 2 years ago

America Losing Its Edge In Innovation

techmuse Re: What's missing from this article? (757 comments)

The thing is, if a group of engineers discusses an idea, sooner or later an idea pops up that everyone at the table agrees is the best possible solution, given the problem to be solved and the resources available to solve it. Then they go put their solution into practice. Politics isn't like this. There are always a few nimrods who will denounce even the sanest solution to any problem as "statist" or "communist" or whatever the appropriate political insult is at the moment, so the end solution is almost never the sanest one.

QUICK: Name the last president we had with an engineering degree.

A: J. Carter

He didn't work out too well, did he? :(

Carter inherited a disastrous economy, which resulted from a prolonged war funded by future earnings. When the bill came due at the end of the decade, the economy had massive problems. Sound familiar?

more than 3 years ago

OS X The most dangerous OS and other danger

techmuse Bad logic (5 comments)

I see this logic repeated a lot, but it isn't correct. It's true that Windows has the vast majority of the market share, and is therefore an inviting target. But given that Macs have approx 10% of the market share in the US, you would expect 10% of the viruses to be written for the Mac. Virus writers use Macs too. However, only a few proof of concept viruses have ever been developed for OS X, that rate has not increased as the Mac has gained market share, and none have been successful in the wild. Therefore, it seems very unlikely that OS X is as vulnerable to viruses as Windows.

Note that not all exploits are viruses. Both Windows and OS X are vulnerable to other kinds of exploits. However, because OS X ships with almost no services enabled by default and does not require them to be enabled to be functional, it's much harder to attack a default OS X configuration. Additionally, there are some fundamental differences in the behavior of programs in general on OS X. For example, Windows has a 15 year history of programs running in the background in the system tray, and an entire ecosystem has been built up around supplying small utility programs for Windows that potentially create new threats or open new vulnerabilities. OS X will refuse to run any code downloaded from the Internet or installed from an outside source unless the user permits it to run first (using signed code hashes to validate the executable). It's much harder to run exploit code when the user must approve it.

more than 3 years ago

Firefox 4 Beta 8 Up

techmuse Re:URL Bar (385 comments)

It's a bug that the FF developers don't believe exists. Please see https://bugzilla.mozilla.org/show_bug.cgi?id=620723.

more than 3 years ago

For 18 Minutes, 15% of the Internet Routed Through China

techmuse Re:I don't think the authors understand cryptograp (247 comments)

To get a sense of how long it would take to find a particular key, consider:

The key has n bits, so there are 2^n possible keys that can be enumerated with those bits.

Each processor can test m keys per second. (I'm assuming each processor has the same performance, and ignoring latency between CPU nodes, I/O latency, or anything else that might slow the system down.)

You have access to p processors.

So the time to process all 2^n keys is:

(2^n)/p*m

Note that the value of m doubles once every 18 months (due to Moore's law), so to keep the key finding time constant, you must also add a bit every 18 months. (Adding bits is fairly cheap, but developing faster processors is not!) The value of p is not all that important because p increases linearly as you add more nodes, while n and m increase exponentially. To figure out how long of a key you need for a given algorithm, you simply need to determine the amount of time that you want to keep your data secret for, and choose a number of bits such that (2^n)/p*m is sufficiently large.

I'll let you plug in the numbers and work out the exact times for your favorite system for yourself. :-)

more than 3 years ago

For 18 Minutes, 15% of the Internet Routed Through China

techmuse Re:I don't think the authors understand cryptograp (247 comments)

It depends on the algorithm used, the performance of the individual nodes, the number of nodes being used in the attack, etc. Botnets vary wildly in size and performance. The Chinese supercomputer is (most likely) composed of off the shelf Intel or AMD processors. If someone used hardware custom designed to run a brute force attack, it might run much faster. (That's how some of the RSA challenge cracks were done.)

"Is it theoretically possible to derive the server's private key from a session key? How about from multiple session keys?"

Shouldn't be if you are using a well designed algorithm! If you could, that would be a major hole.

more than 3 years ago

For 18 Minutes, 15% of the Internet Routed Through China

techmuse Re:I don't think the authors understand cryptograp (247 comments)

Because (assuming that you don't trust the Chinese CA), they would have to use Google's private key in order to produce signed data that was tied to the identity asserted in the certificate issued by the CA that signed for Google.

If you trust a CA that is controlled by the attacker, you're toast. You have to ensure that you do not. (I don't think most people in the world have any idea what a CA is though, let alone how to tell their browsers which ones to trust, so the reality is that any CAs that Mozilla or Google or Microsoft or other browser makers trust (by including them in their browsers by default) are also "trusted" by you.)

more than 3 years ago

For 18 Minutes, 15% of the Internet Routed Through China

techmuse Re:I don't think the authors understand cryptograp (247 comments)

Breaking modern encryption algorithms using current techniques would take somewhere around the lifetime of the universe. The number of computations required to break a well designed algorithm increases exponentially with the key length. You should always use an algorithm and key length that can be expected to protect your data for longer than the data will remain valuable.

As I indicated in my explanation below, being able to create a certificate does not mean that they can trick you into trusting their site. They must have a cert signed by a root CA that you trust. If you trust the Chinese CA, then you're stuck trusting its assertions. But if you don't, the attack can't work.

more than 3 years ago

For 18 Minutes, 15% of the Internet Routed Through China

techmuse Re:I don't think the authors understand cryptograp (247 comments)

Certificates aren't used to encrypt anything. The certificate contains a set of assertions about the subject of the certificate, signed by the certificate issuer. One of those assertions is typically the subject's public key. All the certificate is claiming is that a certain public key is associated with a certain identity, where that identity is claimed by the certification chain starting at some root (in this case, the Chinese CA). If you trust a certain root CA, then you also must trust any assertions made by the children of that CA in the CA hierarchy. If you do not trust that CA, then you won't trust any certification paths that originate at that root.

So is a man in the middle attack possible, as you've described? No. Here's what would actually happen:

1) You request a secure page "https://mail.google.com"
2) Google's server sends you Google's certificate. This is signed (through some CA chain) by a root CA that you (presumably) trust. An attacker could also send you Google's cert, but the attacker doesn't have Google's private key, so anything they encrypt could not be decrypted using Google's public key.
3) You verify that certificate by validating the certificate chain to it. Note that even though China may have a root CA, it doesn't have the private key that was used to generate the certificate. (If China sent you such a cert, it would only validate against the Chinese root CA, which you would have to already trust!)
4) If the attacker attempts to do a man in the middle attack, they can pass you a certificate, but they can't generate data signed by Google, unless you trust China's root CA, because the attacker doesn't have Google's private key.

more than 3 years ago

For 18 Minutes, 15% of the Internet Routed Through China

techmuse I don't think the authors understand cryptography (247 comments)

There are two problems here:

1) Can China redirect traffic through its network by advertising that it has the lowest cost routing path? (Apparently, yes.) This is a wormhole attack, and is well documented in research literature.

2) Can China record or alter any traffic that passes through its network? If the data is sufficiently well encrypted, it cannot read that data, although it can record the cyphertext. The fact that China can issue a certificate does not mean that it can read *your* data. It only means that encrypted data sent to Chinese servers can be read by the holder(s) of the encryption keys used by those servers.

If you are sending data over the net, and want to protect it, be sure that it is encrypted. If you don't care, be aware that anyone might be able to monitor it, even governments of other countries. If you don't trust the Chinese root CA to certify the identity of servers that you go to, don't accept their CA's certificate as an authority for that purpose.

more than 3 years ago

Swedes Show Intel Sandy Bridge Running BIOS-Successor UEFI

techmuse Re:Diagnostics, system configuration, etc (216 comments)

OS X will tell you all of this stuff in the system profiler. In fact, if you install RAM in a non-optimal configuration in a Mac Pro, it will automatically detect it and tell you how to correct the problem for best performance. In the laptops, there is no "wrong" configuration, unless you put the wrong type of RAM in, in which case that RAM slot is disabled or, in the worst case, the system won't boot (in which case UEFI wouldn't help you anyway).

more than 3 years ago

USB 'Dead Drops'

techmuse Re:Good way to get your laptop attacked (322 comments)

And here is an article on this exploit technique:

http://www.dailytech.com/USB+Drive+Malware+Exploit+Windows+7+Flaw+in+Apparent+Espionage+Effort/article19065.htm

more than 3 years ago

USB 'Dead Drops'

techmuse Good way to get your laptop attacked (322 comments)

So basically, you are being invited to connect a USB device from an unknown source, with unknown code on it, to your machine. There have been many instances of people leaving USB sticks with exploit binaries around for people to find. You find the stick, stick it in your machine, and are promptly exploited. Regardless of whether the creator of the dead drops hasn't done this intentionally themselves (hopefully, they haven't), you have no idea what might have been placed on the sticks by others.

more than 3 years ago

Submissions


Steve Jobs taking another medical leave

techmuse techmuse writes  |  more than 3 years ago

techmuse (160085) writes "The New York Times and many other sources report that Steve Jobs will be taking another medical leave of absence. No indication has been given as to when he will return. Jobs will remain CEO, and will continue to be involved in making major decisions for the company. Apple Chief Operating Officer Tim Cook will run the company in Jobs' absence."

Doctor marries Doctor's daughter, exploding TARDIS

techmuse techmuse writes  |  more than 3 years ago

techmuse (160085) writes "In a veritable Who's Who of Doctor Who, 10th Doctor David Tennant is marrying Georgia Moffett, the daughter of 5th Doctor Peter Davison, who played the Doctor's daughter in an episode of Doctor Who. Except that the Doctor's daughter was a clone of the Doctor, which meant that she really was Who. So a newer Doctor is marrying an older Doctor's daughter, who is a clone of the newer doctor, but only has half the DNA of the older Doctor."

What does Windows 7 track, exactly?

techmuse techmuse writes  |  more than 3 years ago

techmuse (160085) writes "A posting on the Windows Team Blog states that "In the last month, Windows 7 users have used Jump Lists 339,129,958 times!" How does Microsoft know this? Microsoft gathers telemetry for some products, especially those in development. Does it also gather it for products on the market? What exactly does it track? Are most users aware of this (beyond a screen that says "Help make Windows better"?)"

CA wants to put electronic ads on license plates

techmuse techmuse writes  |  more than 3 years ago

techmuse (160085) writes "The San Jose Mercury News reports that the California state legislature wants to put electronic advertising on your license plate. The plate would display standard plate information when the car is moving, but would also display ads when the car is stopped. Not distracting or annoying at all!"

Why innovation dies at Microsoft

techmuse techmuse writes  |  more than 4 years ago

techmuse (160085) writes "The New York Times has an opinion article by a former Microsoft manager today on why Microsoft has failed to develop innovative products over the past decade or so. Reasons cited include infighting between internal groups, who want to protect their own territory, poor timing, and lack of willingness to invest in hardware in addition to software. According to the article, good technologies are often developed internally, but then fail to make it to market because the groups responsible for existing products refuse to integrate them."

Barack Obama wins the 2009 Nobel Peace Prize

techmuse techmuse writes  |  more than 4 years ago

techmuse (160085) writes "President Barack Obama has just been awarded the 2009 Nobel Peace Prize for "his extraordinary efforts to strengthen international diplomacy and cooperation between peoples"."

The day the (streaming) TV died

techmuse techmuse writes  |  more than 4 years ago

techmuse (160085) writes "As shown at this discussion, Hulu seems to have lost the ability to display anything but ads to its users. Is a site like Hulu a reasonable replacement for watching over the air broadcasts when it can lose the ability to stream television at all?"

Comcast seeking control of both pipes and content?

techmuse techmuse writes  |  more than 4 years ago

techmuse (160085) writes "Reuters reports that Comcast may be attempting to use its huge cash reserves to purchase a large media content provider, such as Disney, Viacom, or Time Warner. This would result in Comcast controlling both the delivery mechanism for content, and the content itself. Potentially, it could limit access to content it owns to subscribers to its own services, thus shutting out competing services (where they still exist at all)."

AT&T makes its terms of service even worse

techmuse techmuse writes  |  more than 4 years ago

techmuse (160085) writes "AT&T has changed its terms of service (including for existing contracts) to prevent class action suits. Note that you are already required to submit your case to arbitration, a forum in which consumers are often at a substantial disadvantage. Now you must go up against AT&T alone."

Google Earth 5 installs updater with security risk

techmuse techmuse writes  |  more than 5 years ago

techmuse (160085) writes "Google Earth 5.0 requires the installation of Google Update Engine, software that runs in the background on your computer that can update old software and install new software. "It can even update kernel extensions, regular files, and root-owned applications," according to the update engine page. In its installer, Google claims "Google Software Update verifies updates and is safer than downloading files from the Internet yourself," however security conscious users may find this assertion questionable. If you don't want the updater, no Google Earth for you...and no obvious way to remove the updater is provided if you accept its installation."

Lexus to start spamming car buyers in their cars

techmuse techmuse writes  |  more than 5 years ago

techmuse (160085) writes "Lexus has announced plans to send targeted messages to buyers of its cars based on the buyer's zip code and vehicle type. Unlike regular spam, these messages will be delivered directly to the buyer's vehicle, and will play to the vehicle's occupants as audio. Lexus has promised to make the messages relevant to the car buyers. As a purchaser of a car, would you want these messages delivered to your car and read to you?"

Slashdot.org adopts new, hard to read interface

techmuse techmuse writes  |  more than 5 years ago

techmuse (160085) writes "Slashdot.org has significantly changed its interface for only the second or third time in the history of the site. The new interface, which appears to be based on its firehose feature, packs more stories onto a page, but makes it more difficult to read, and requires an additional click to actually read through stories. Users who greatly prefer the old interface are searching for a way to switch back, and to notify the Slashdot administrators of the usability issue in a way that will generate helpful suggestions from users (perhaps in the comments section of a story on the site.)"

Open sourcing advice to presidents?

techmuse techmuse writes  |  more than 5 years ago

techmuse (160085) writes "Now that Barack Obama has been elected to the Presidency, it might be helpful if he could receive advice from experts in technical fields who would not normally have access to a President, but who do understand the issues. Could an open source forum of ideas to be passed on to the President be set up? This might function similarly to some of the idea rating blogs that companies like Dell and Microsoft have previously set up."

Journals

techmuse has no journal entries.
